rack 2.0.7 → 2.2.4

data/lib/rack/lint.rb

@@ -1,4 +1,5 @@
-require 'rack/utils'
+# frozen_string_literal: true
+
 require 'forwardable'
 
 module Rack
@@ -33,7 +34,7 @@ module Rack
 
     ## A Rack application is a Ruby object (not a class) that
     ## responds to +call+.
-    def call(env=nil)
+    def call(env = nil)
       dup._call(env)
     end
 
@@ -46,13 +47,24 @@ module Rack
       env[RACK_ERRORS] = ErrorWrapper.new(env[RACK_ERRORS])
 
       ## and returns an Array of exactly three values:
-      status, headers, @body = @app.call(env)
+      ary = @app.call(env)
+      assert("response is not an Array, but #{ary.class}") {
+        ary.kind_of? Array
+      }
+      assert("response array has #{ary.size} elements instead of 3") {
+        ary.size == 3
+      }
+
+      status, headers, @body = ary
       ## The *status*,
       check_status status
       ## the *headers*,
       check_headers headers
 
-      check_hijack_response headers, env
+      hijack_proc = check_hijack_response headers, env
+      if hijack_proc && headers.is_a?(Hash)
+        headers[RACK_HIJACK] = hijack_proc
+      end
 
       ## and the *body*.
       check_content_type status, headers
@@ -63,12 +75,15 @@ module Rack
 
     ## == The Environment
     def check_env(env)
-      ## The environment must be an instance of Hash that includes
+      ## The environment must be an unfrozen instance of Hash that includes
       ## CGI-like headers.  The application is free to modify the
       ## environment.
       assert("env #{env.inspect} is not a Hash, but #{env.class}") {
         env.kind_of? Hash
       }
+      assert("env should not be frozen, but is") {
+        !env.frozen?
+      }
 
       ##
       ## The environment is required to include these variables
@@ -102,17 +117,19 @@ module Rack
       ##                         follows the <tt>?</tt>, if any. May be
       ##                         empty, but is always required!
 
-      ## <tt>SERVER_NAME</tt>, <tt>SERVER_PORT</tt>::
-      ##                        When combined with <tt>SCRIPT_NAME</tt> and
+      ## <tt>SERVER_NAME</tt>:: When combined with <tt>SCRIPT_NAME</tt> and
       ##                        <tt>PATH_INFO</tt>, these variables can be
       ##                        used to complete the URL. Note, however,
       ##                        that <tt>HTTP_HOST</tt>, if present,
       ##                        should be used in preference to
       ##                        <tt>SERVER_NAME</tt> for reconstructing
       ##                        the request URL.
-      ##                        <tt>SERVER_NAME</tt> and <tt>SERVER_PORT</tt>
-      ##                        can never be empty strings, and so
-      ##                        are always required.
+      ##                        <tt>SERVER_NAME</tt> can never be an empty
+      ##                        string, and so is always required.
+
+      ## <tt>SERVER_PORT</tt>:: An optional +Integer+ which is the port the
+      ##                        server is running on. Should be specified if
+      ##                        the server is running on a non-standard port.
 
       ## <tt>HTTP_</tt> Variables:: Variables corresponding to the
       ##                            client-supplied HTTP request
@@ -123,9 +140,8 @@ module Rack
       ##                            the presence or absence of the
       ##                            appropriate HTTP header in the
       ##                            request. See
-      ##                            <a href="https://tools.ietf.org/html/rfc3875#section-4.1.18">
-      ##                            RFC3875 section 4.1.18</a> for
-      ##                            specific behavior.
+      ##                            {RFC3875 section 4.1.18}[https://tools.ietf.org/html/rfc3875#section-4.1.18]
+      ##                            for specific behavior.
 
       ## In addition to this, the Rack environment must include these
       ## Rack-specific variables:
@@ -197,6 +213,11 @@ module Rack
         assert("session #{session.inspect} must respond to clear") {
           session.respond_to?(:clear)
         }
+
+        ##                         to_hash (returning unfrozen Hash instance);
+        assert("session #{session.inspect} must respond to to_hash and return unfrozen Hash instance") {
+          session.respond_to?(:to_hash) && session.to_hash.kind_of?(Hash) && !session.to_hash.frozen?
+        }
       end
 
       ## <tt>rack.logger</tt>:: A common object interface for logging messages.
@@ -252,28 +273,49 @@ module Rack
       ## accepted specifications and must not be used otherwise.
       ##
 
-      %w[REQUEST_METHOD SERVER_NAME SERVER_PORT
-         QUERY_STRING
+      %w[REQUEST_METHOD SERVER_NAME QUERY_STRING
          rack.version rack.input rack.errors
          rack.multithread rack.multiprocess rack.run_once].each { |header|
         assert("env missing required key #{header}") { env.include? header }
       }
 
+      ## The <tt>SERVER_PORT</tt> must be an Integer if set.
+      assert("env[SERVER_PORT] is not an Integer") do
+        server_port = env["SERVER_PORT"]
+        server_port.nil? || (Integer(server_port) rescue false)
+      end
+
+      ## The <tt>SERVER_NAME</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[SERVER_NAME]} must be a valid authority") do
+        URI.parse("http://#{env[SERVER_NAME]}/") rescue false
+      end
+
+      ## The <tt>HTTP_HOST</tt> must be a valid authority as defined by RFC7540.
+      assert("#{env[HTTP_HOST]} must be a valid authority") do
+        URI.parse("http://#{env[HTTP_HOST]}/") rescue false
+      end
+
       ## The environment must not contain the keys
       ## <tt>HTTP_CONTENT_TYPE</tt> or <tt>HTTP_CONTENT_LENGTH</tt>
       ## (use the versions without <tt>HTTP_</tt>).
       %w[HTTP_CONTENT_TYPE HTTP_CONTENT_LENGTH].each { |header|
-        assert("env contains #{header}, must use #{header[5,-1]}") {
+        assert("env contains #{header}, must use #{header[5, -1]}") {
           not env.include? header
         }
       }
 
       ## The CGI keys (named without a period) must have String values.
+      ## If the string values for CGI keys contain non-ASCII characters,
+      ## they should use ASCII-8BIT encoding.
       env.each { |key, value|
         next  if key.include? "."   # Skip extensions
         assert("env variable #{key} has non-string value #{value.inspect}") {
           value.kind_of? String
         }
+        next if value.encoding == Encoding::ASCII_8BIT
+        assert("env variable #{key} has value containing non-ASCII characters and has non-ASCII-8BIT encoding #{value.inspect} encoding: #{value.encoding}") {
+          value.b !~ /[\x80-\xff]/n
+        }
       }
 
       ## There are the following restrictions:
@@ -295,7 +337,7 @@ module Rack
       check_hijack env
 
       ## * The <tt>REQUEST_METHOD</tt> must be a valid token.
-      assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD]}") {
+      assert("REQUEST_METHOD unknown: #{env[REQUEST_METHOD].dump}") {
         env[REQUEST_METHOD] =~ /\A[0-9A-Za-z!\#$%&'*+.^_`|~-]+\z/
       }
 
@@ -336,7 +378,7 @@ module Rack
       ## When applicable, its external encoding must be "ASCII-8BIT" and it
       ## must be opened in binary mode, for Ruby 1.9 compatibility.
       assert("rack.input #{input} does not have ASCII-8BIT as its external encoding") {
-        input.external_encoding.name == "ASCII-8BIT"
+        input.external_encoding == Encoding::ASCII_8BIT
       } if input.respond_to?(:external_encoding)
       assert("rack.input #{input} is not opened in binary mode") {
         input.binmode?
@@ -568,7 +610,7 @@ module Rack
 
       # this check uses headers like a hash, but the spec only requires
       # headers respond to #each
-      headers = Rack::Utils::HeaderHash.new(headers)
+      headers = Rack::Utils::HeaderHash[headers]
 
       ## In order to do this, an application may set the special header
       ## <tt>rack.hijack</tt> to an object that responds to <tt>call</tt>
@@ -592,7 +634,7 @@ module Rack
           headers[RACK_HIJACK].respond_to? :call
         }
         original_hijack = headers[RACK_HIJACK]
-        headers[RACK_HIJACK] = proc do |io|
+        proc do |io|
           original_hijack.call HijackWrapper.new(io)
         end
       else
@@ -602,6 +644,8 @@ module Rack
         assert('rack.hijack header must not be present if server does not support hijacking') {
           headers[RACK_HIJACK].nil?
         }
+
+        nil
       end
     end
     ## ==== Conventions
@@ -626,15 +670,17 @@ module Rack
       assert("headers object should respond to #each, but doesn't (got #{header.class} as headers)") {
          header.respond_to? :each
       }
-      header.each { |key, value|
-        ## Special headers starting "rack." are for communicating with the
-        ## server, and must not be sent back to the client.
-        next if key =~ /^rack\..+$/
 
+      header.each { |key, value|
         ## The header keys must be Strings.
         assert("header key must be a string, was #{key.class}") {
           key.kind_of? String
         }
+
+        ## Special headers starting "rack." are for communicating with the
+        ## server, and must not be sent back to the client.
+        next if key =~ /^rack\..+$/
+
         ## The header must not contain a +Status+ key.
         assert("header must not contain Status") { key.downcase != "status" }
         ## The header must conform to RFC7230 token specification, i.e. cannot
@@ -662,7 +708,7 @@ module Rack
         ## 204 or 304.
         if key.downcase == "content-type"
           assert("Content-Type header found in #{status} response, not allowed") {
-            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
           }
           return
         end
@@ -676,7 +722,7 @@ module Rack
           ## There must not be a <tt>Content-Length</tt> header when the
           ## +Status+ is 1xx, 204 or 304.
           assert("Content-Length header found in #{status} response, not allowed") {
-            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.include? status.to_i
+            not Rack::Utils::STATUS_WITH_NO_ENTITY_BODY.key? status.to_i
           }
           @content_length = value
         end

data/lib/rack/lobster.rb

@@ -1,7 +1,6 @@
-require 'zlib'
+# frozen_string_literal: true
 
-require 'rack/request'
-require 'rack/response'
+require 'zlib'
 
 module Rack
   # Paste has a Pony, Rack has a Lobster!
@@ -25,8 +24,8 @@ module Rack
       content = ["<title>Lobstericious!</title>",
                  "<pre>", lobster, "</pre>",
                  "<a href='#{href}'>flip!</a>"]
-      length = content.inject(0) { |a,e| a+e.size }.to_s
-      [200, {CONTENT_TYPE => "text/html", CONTENT_LENGTH => length}, content]
+      length = content.inject(0) { |a, e| a + e.size }.to_s
+      [200, { CONTENT_TYPE => "text/html", CONTENT_LENGTH => length }, content]
     }
 
     def call(env)
@@ -37,8 +36,8 @@ module Rack
             gsub('\\', 'TEMP').
             gsub('/', '\\').
             gsub('TEMP', '/').
-            gsub('{','}').
-            gsub('(',')')
+            gsub('{', '}').
+            gsub('(', ')')
         end.join("\n")
         href = "?flip=right"
       elsif req.GET["flip"] == "crash"
@@ -62,9 +61,10 @@ module Rack
 end
 
 if $0 == __FILE__
-  require 'rack'
-  require 'rack/show_exceptions'
+  # :nocov:
+  require_relative '../rack'
   Rack::Server.start(
-    :app => Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), :Port => 9292
+    app: Rack::ShowExceptions.new(Rack::Lint.new(Rack::Lobster.new)), Port: 9292
   )
+  # :nocov:
 end

data/lib/rack/lock.rb

@@ -1,5 +1,6 @@
+# frozen_string_literal: true
+
 require 'thread'
-require 'rack/body_proxy'
 
 module Rack
   # Rack::Lock locks every request inside a mutex, so that every request

data/lib/rack/logger.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'logger'
 
 module Rack

data/lib/rack/media_type.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   # Rack::MediaType parse media type and parameters out of content_type string
 
@@ -13,7 +15,7 @@ module Rack
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
       def type(content_type)
         return nil unless content_type
-        content_type.split(SPLIT_PATTERN, 2).first.downcase
+        content_type.split(SPLIT_PATTERN, 2).first.tap &:downcase!
       end
 
       # The media type parameters provided in CONTENT_TYPE as a Hash, or
@@ -23,15 +25,18 @@ module Rack
       #   { 'charset' => 'utf-8' }
       def params(content_type)
         return {} if content_type.nil?
-        Hash[*content_type.split(SPLIT_PATTERN)[1..-1].
-          collect { |s| s.split('=', 2) }.
-          map { |k,v| [k.downcase, strip_doublequotes(v)] }.flatten]
+
+        content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
+          k, v = s.split('=', 2)
+
+          hsh[k.tap(&:downcase!)] = strip_doublequotes(v)
+        end
       end
 
       private
 
         def strip_doublequotes(str)
-          (str[0] == ?" && str[-1] == ?") ? str[1..-2] : str
+          (str.start_with?('"') && str.end_with?('"')) ? str[1..-2] : str
         end
     end
   end

data/lib/rack/method_override.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module Rack
   class MethodOverride
     HTTP_METHODS = %w[GET HEAD PUT POST DELETE OPTIONS PATCH LINK UNLINK]
 
-    METHOD_OVERRIDE_PARAM_KEY = "_method".freeze
-    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE".freeze
+    METHOD_OVERRIDE_PARAM_KEY = "_method"
+    HTTP_METHOD_OVERRIDE_HEADER = "HTTP_X_HTTP_METHOD_OVERRIDE"
     ALLOWED_METHODS = %w[POST]
 
     def initialize(app)

data/lib/rack/mime.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Mime
     # Returns String with mime type if found, otherwise use +fallback+.
@@ -13,7 +15,7 @@ module Rack
     # This is a shortcut for:
     #     Rack::Mime::MIME_TYPES.fetch('.foo', 'application/octet-stream')
 
-    def mime_type(ext, fallback='application/octet-stream')
+    def mime_type(ext, fallback = 'application/octet-stream')
       MIME_TYPES.fetch(ext.to_s.downcase, fallback)
     end
     module_function :mime_type
@@ -306,6 +308,7 @@ module Rack
       ".lvp"       => "audio/vnd.lucent.voice",
       ".lwp"       => "application/vnd.lotus-wordpro",
       ".m3u"       => "audio/x-mpegurl",
+      ".m3u8"      => "application/x-mpegurl",
       ".m4a"       => "audio/mp4a-latm",
       ".m4v"       => "video/mp4",
       ".ma"        => "application/mathematica",
@@ -343,6 +346,7 @@ module Rack
       ".mp4s"      => "application/mp4",
       ".mp4v"      => "video/mp4",
       ".mpc"       => "application/vnd.mophun.certificate",
+      ".mpd"       => "application/dash+xml",
       ".mpeg"      => "video/mpeg",
       ".mpg"       => "video/mpeg",
       ".mpga"      => "audio/mpeg",
@@ -542,6 +546,7 @@ module Rack
       ".spp"       => "application/scvp-vp-response",
       ".spq"       => "application/scvp-vp-request",
       ".src"       => "application/x-wais-source",
+      ".srt"       => "text/srt",
       ".srx"       => "application/sparql-results+xml",
       ".sse"       => "application/vnd.kodak-descriptor",
       ".ssf"       => "application/vnd.epson.ssf",
@@ -576,6 +581,7 @@ module Rack
       ".tr"        => "text/troff",
       ".tra"       => "application/vnd.trueapp",
       ".trm"       => "application/x-msterminal",
+      ".ts"        => "video/mp2t",
       ".tsv"       => "text/tab-separated-values",
       ".ttf"       => "application/octet-stream",
       ".twd"       => "application/vnd.simtech-mindmapper",
@@ -600,9 +606,11 @@ module Rack
       ".vrml"      => "model/vrml",
       ".vsd"       => "application/vnd.visio",
       ".vsf"       => "application/vnd.vsf",
+      ".vtt"       => "text/vtt",
       ".vtu"       => "model/vnd.vtu",
       ".vxml"      => "application/voicexml+xml",
       ".war"       => "application/java-archive",
+      ".wasm"      => "application/wasm",
       ".wav"       => "audio/x-wav",
       ".wax"       => "audio/x-ms-wax",
       ".wbmp"      => "image/vnd.wap.wbmp",

data/lib/rack/mock.rb

@@ -1,9 +1,9 @@
+# frozen_string_literal: true
+
 require 'uri'
 require 'stringio'
-require 'rack'
-require 'rack/lint'
-require 'rack/utils'
-require 'rack/response'
+require_relative '../rack'
+require 'cgi/cookie'
 
 module Rack
   # Rack::MockRequest helps testing your Rack application without
@@ -53,16 +53,26 @@ module Rack
       @app = app
     end
 
-    def get(uri, opts={})     request(GET, uri, opts)     end
-    def post(uri, opts={})    request(POST, uri, opts)    end
-    def put(uri, opts={})     request(PUT, uri, opts)     end
-    def patch(uri, opts={})   request(PATCH, uri, opts)   end
-    def delete(uri, opts={})  request(DELETE, uri, opts)  end
-    def head(uri, opts={})    request(HEAD, uri, opts)    end
-    def options(uri, opts={}) request(OPTIONS, uri, opts) end
-
-    def request(method=GET, uri="", opts={})
-      env = self.class.env_for(uri, opts.merge(:method => method))
+    # Make a GET request and return a MockResponse. See #request.
+    def get(uri, opts = {})     request(GET, uri, opts)     end
+    # Make a POST request and return a MockResponse. See #request.
+    def post(uri, opts = {})    request(POST, uri, opts)    end
+    # Make a PUT request and return a MockResponse. See #request.
+    def put(uri, opts = {})     request(PUT, uri, opts)     end
+    # Make a PATCH request and return a MockResponse. See #request.
+    def patch(uri, opts = {})   request(PATCH, uri, opts)   end
+    # Make a DELETE request and return a MockResponse. See #request.
+    def delete(uri, opts = {})  request(DELETE, uri, opts)  end
+    # Make a HEAD request and return a MockResponse. See #request.
+    def head(uri, opts = {})    request(HEAD, uri, opts)    end
+    # Make an OPTIONS request and return a MockResponse. See #request.
+    def options(uri, opts = {}) request(OPTIONS, uri, opts) end
+
+    # Make a request using the given request method for the given
+    # uri to the rack application and return a MockResponse.
+    # Options given are passed to MockRequest.env_for.
+    def request(method = GET, uri = "", opts = {})
+      env = self.class.env_for(uri, opts.merge(method: method))
 
       if opts[:lint]
         app = Rack::Lint.new(@app)
@@ -71,7 +81,7 @@ module Rack
       end
 
       errors = env[RACK_ERRORS]
-      status, headers, body  = app.call(env)
+      status, headers, body = app.call(env)
       MockResponse.new(status, headers, body, errors)
     ensure
       body.close if body.respond_to?(:close)
@@ -85,7 +95,14 @@ module Rack
     end
 
     # Return the Rack environment used for a request to +uri+.
-    def self.env_for(uri="", opts={})
+    # All options that are strings are added to the returned environment.
+    # Options:
+    # :fatal :: Whether to raise an exception if request outputs to rack.errors
+    # :input :: The rack.input to set
+    # :method :: The HTTP request method to use
+    # :params :: The params to use
+    # :script_name :: The SCRIPT_NAME to set
+    def self.env_for(uri = "", opts = {})
       uri = parse_uri_rfc2396(uri)
       uri.path = "/#{uri.path}" unless uri.path[0] == ?/
 
@@ -139,7 +156,7 @@ module Rack
       rack_input.set_encoding(Encoding::BINARY)
       env[RACK_INPUT] = rack_input
 
-      env["CONTENT_LENGTH"] ||= env[RACK_INPUT].length.to_s
+      env["CONTENT_LENGTH"] ||= env[RACK_INPUT].size.to_s if env[RACK_INPUT].respond_to?(:size)
 
       opts.each { |field, value|
         env[field] = value  if String === field
@@ -154,17 +171,24 @@ module Rack
   # MockRequest.
 
   class MockResponse < Rack::Response
+    class << self
+      alias [] new
+    end
+
     # Headers
-    attr_reader :original_headers
+    attr_reader :original_headers, :cookies
 
     # Errors
     attr_accessor :errors
 
-    def initialize(status, headers, body, errors=StringIO.new(""))
+    def initialize(status, headers, body, errors = StringIO.new(""))
       @original_headers = headers
       @errors           = errors.string if errors.respond_to?(:string)
+      @cookies = parse_cookies_from_header
 
       super(body, status, headers)
+
+      buffered_body!
     end
 
     def =~(other)
@@ -186,11 +210,64 @@ module Rack
       #     ...
       #     res.body.should == "foo!"
       #   end
-      super.join
+      buffer = String.new
+
+      super.each do |chunk|
+        buffer << chunk
+      end
+
+      return buffer
     end
 
     def empty?
       [201, 204, 304].include? status
     end
+
+    def cookie(name)
+      cookies.fetch(name, nil)
+    end
+
+    private
+
+    def parse_cookies_from_header
+      cookies = Hash.new
+      if original_headers.has_key? 'Set-Cookie'
+        set_cookie_header = original_headers.fetch('Set-Cookie')
+        set_cookie_header.split("\n").each do |cookie|
+          cookie_name, cookie_filling = cookie.split('=', 2)
+          cookie_attributes = identify_cookie_attributes cookie_filling
+          parsed_cookie = CGI::Cookie.new(
+            'name' => cookie_name.strip,
+            'value' => cookie_attributes.fetch('value'),
+            'path' => cookie_attributes.fetch('path', nil),
+            'domain' => cookie_attributes.fetch('domain', nil),
+            'expires' => cookie_attributes.fetch('expires', nil),
+            'secure' => cookie_attributes.fetch('secure', false)
+          )
+          cookies.store(cookie_name, parsed_cookie)
+        end
+      end
+      cookies
+    end
+
+    def identify_cookie_attributes(cookie_filling)
+      cookie_bits = cookie_filling.split(';')
+      cookie_attributes = Hash.new
+      cookie_attributes.store('value', cookie_bits[0].strip)
+      cookie_bits.each do |bit|
+        if bit.include? '='
+          cookie_attribute, attribute_value = bit.split('=')
+          cookie_attributes.store(cookie_attribute.strip, attribute_value.strip)
+          if cookie_attribute.include? 'max-age'
+            cookie_attributes.store('expires', Time.now + attribute_value.strip.to_i)
+          end
+        end
+        if bit.include? 'secure'
+          cookie_attributes.store('secure', true)
+        end
+      end
+      cookie_attributes
+    end
+
   end
 end

data/lib/rack/multipart/generator.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Rack
   module Multipart
     class Generator
@@ -15,9 +17,13 @@ module Rack
 
         flattened_params.map do |name, file|
           if file.respond_to?(:original_filename)
-            ::File.open(file.path, 'rb') do |f|
-              f.set_encoding(Encoding::BINARY)
-              content_for_tempfile(f, file, name)
+            if file.path
+              ::File.open(file.path, 'rb') do |f|
+                f.set_encoding(Encoding::BINARY)
+                content_for_tempfile(f, file, name)
+              end
+            else
+              content_for_tempfile(file, file, name)
             end
           else
             content_for_other(file, name)
@@ -27,21 +33,18 @@ module Rack
 
       private
       def multipart?
-        multipart = false
-
         query = lambda { |value|
           case value
           when Array
-            value.each(&query)
+            value.any?(&query)
           when Hash
-            value.values.each(&query)
+            value.values.any?(&query)
           when Rack::Multipart::UploadedFile
-            multipart = true
+            true
           end
         }
-        @params.values.each(&query)
 
-        multipart
+        @params.values.any?(&query)
       end
 
       def flattened_params
@@ -70,12 +73,13 @@ module Rack
       end
 
       def content_for_tempfile(io, file, name)
+        length = ::File.stat(file.path).size if file.path
+        filename = "; filename=\"#{Utils.escape(file.original_filename)}\"" if file.original_filename
 <<-EOF
 --#{MULTIPART_BOUNDARY}\r
-Content-Disposition: form-data; name="#{name}"; filename="#{Utils.escape(file.original_filename)}"\r
+Content-Disposition: form-data; name="#{name}"#{filename}\r
 Content-Type: #{file.content_type}\r
-Content-Length: #{::File.stat(file.path).size}\r
-\r
+#{"Content-Length: #{length}\r\n" if length}\r
 #{io.read}\r
 EOF
       end